One of China’s intelligence agencies hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents, the Biden administration said on Monday, the latest in a series of embarrassing surveillance operations against major American institutions.
It was unclear from the Treasury’s limited first account of the episode exactly what the hackers were seeking. But senior officials with access to the intelligence on the breach said that it appeared to be entirely an espionage operation and not part of other Chinese efforts to insert malicious computer code into utility grids and water supply systems, giving them a capability to shut off critical American infrastructure.
In a letter informing lawmakers of the episode, the Treasury Department said it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to gain remote access to certain Treasury workstations and documents on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
Top Chinese officials have a deep interest in the activities of the Treasury Department, which oversees sensitive data about global financial systems — and estimates of China’s own troubled economy. The department also implements sanctions against Chinese firms, including, in recent times, those aiding Russia in the war against Ukraine.
Earlier in the year, Chinese intelligence cracked email accounts used by Commerce Secretary Gina Raimondo as she was making determinations about new export controls on advanced semiconductors and other key technology, an attempt to slow their acquisition by Chinese firms. Similar efforts were made against targets in the State Department.
But the admission by the administration about the Treasury Department comes at a particularly sensitive moment, just as the Biden White House is dealing with one of the most far-reaching, and damaging, hacks into American infrastructure in the cyberage.
In recent months, a series of revelations have shown how a sophisticated Chinese intelligence group, called Salt Typhoon, penetrated deep into at least nine U.S. telecommunications firms.
That breach exploited critical gaps in the patched-together U.S. telecommunications infrastructure, giving the hackers access to not only text messages but also phone conversations. Investigators said that among the targets were the commercial, unencrypted phone lines used by President-elect Donald J. Trump, Vice President-elect JD Vance and top national security officials, though it is not clear what conversations, if any, the hackers were able to monitor.
The Salt Typhoon hackers also obtained a nearly complete list of phone numbers the Justice Department has wiretapped to monitor people suspected of crimes or espionage, giving the Chinese government insight into which Chinese spies the United States has identified — and which it has missed. As a result, the breach has concerned counterintelligence officials, who fear that Beijing will learn who is under suspicion and who is not.
The Treasury Department said it had worked with the F.B.I., the intelligence community and other investigators to determine the impact of the latest breach. The compromised service has been taken offline, and there is no evidence that the Chinese hackers still have access to Treasury information, the department said.
In a statement, a Treasury spokesman said that the department took threats against its systems and the data they hold seriously, and that it would continue to work with the private sector and government agencies to protect the financial system from hacking.
The Treasury Department did not clarify when the episode took place but said it would reveal more details in a forthcoming report to Congress.
On Tuesday, a spokeswoman for China’s foreign ministry, Mao Ning, called the allegation by the United States “groundless.” Ms. Mao added that China opposed all forms of hacking attacks and “we are even more opposed to the spread of false information against China for political purposes.”
Chinese officials have long denied any government role in hacking, and have set up dialogues with the United States to work together on cybersecurity. Earlier this month, officials from the Treasury Department traveled to China for a round of meetings of their economic and financial working groups, which cover collaboration on cybersecurity issues.
In response to the Salt Typhoon hack, the Commerce Department said this month that it would ban the few remaining operations of China Telecom, one of the country’s biggest communications firms, from the United States.
Alan Rappeport and Zixu Wang contributed reporting.
